|Publication number||US7774618 B2|
|Application number||US 12/270,015|
|Publication date||Aug 10, 2010|
|Filing date||Nov 13, 2008|
|Priority date||Mar 11, 2004|
|Also published as||US7162647, US7240220, US7461267, US8250376, US20050204154, US20060064604, US20070300079, US20090074190, US20110010561, US20120284531|
|Publication number||12270015, 270015, US 7774618 B2, US 7774618B2, US-B2-7774618, US7774618 B2, US7774618B2|
|Original Assignee||Hitachi, Ltd.|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (34), Non-Patent Citations (2), Referenced by (2), Classifications (14), Legal Events (1)|
|External Links: USPTO, USPTO Assignment, Espacenet|
The is a continuation of U.S. patent application Ser. No. 11/761,713, filed Jun. 12, 2007, which is a continuation of U.S. patent application Ser. No. 10/799,086, filed Mar. 11, 2004, which is a continuation of U.S. patent application Ser. No. 11/228,441, filed Sep. 15, 2005, both of which are incorporated by reference herein in their entirety for all purposes.
The present invention is generally related to storage systems and in particular to a system and method for cryptographic storage technique to provide secure long term retention of data.
Storage systems have been evolving around network-based architectures. Notable architectures include network attached storage (NAS) systems and storage area network (SAN) systems. Network accessible storage allows an enterprise to decentralize its operations and to locate its users around the world. Long term storage becomes increasingly more significant as various aspects of an enterprise are reduced to data which can be accessed by its distributed users. In addition, government regulations require long term storage of certain types of information, such as electronic mail.
However, when storage systems are connected through networks, there is a security risk for unauthorized intrusion of the storage systems. Rogue servers or switches, and in general “hackers,” can cause network disruption by their unauthorized access to data. Encrypting the data in flight and/or at rest will work to avoid these risks.
Encryption algorithms are susceptible to technology in that advances in data processing technology create increasingly more powerful computing systems that can be used to break contemporary encryption schemes. An encryption scheme (in general, the cryptographic criteria for encrypting and decrypting data) that is presently thought to be computationally inaccessible is likely to be cracked by the processors and cryptographic engines of a few years from now. One solution is to apply stronger encryption; e.g., use longer encryption key lengths, more advanced encryption algorithms, or both when such time arrives, thereby raising the computational hurdle.
However, this poses problems for encrypted data that is to be stored for long periods of time. First, there is the need to keep the data for a period of time. A time passed, the “older” encrypted data have weaker encryption in comparison to available processing power. Thus, encrypted data thought to be secured at one time is likely to be broken years later. There is a need for the encrypted data to be available. Consequently, the “older” encrypted data is susceptible to unauthorized access by someone with sufficient processing power. Therefore a need exists to provide of increasingly stronger cryptographic criteria, e.g., longer key(s), stronger algorithms, etc., for long term storage of encrypted data.
An aspect of the present invention includes converting data stored on a storage system from a first encryption to a second encryption. The first encryption is based on first cryptographic criteria. The second encryption is based on second cryptographic criteria. During the conversion process, I/O requests can be received and serviced.
Another aspect of the invention includes converting data stored on a storage system wherein the data is initially stored in un-encrypted form. The conversion includes encrypting the data. During the conversion process, I/O requests can be received and serviced.
Aspects, advantages and novel features of the present invention will become apparent from the following description of the invention presented in conjunction with the accompanying drawings, wherein:
For the following discussion, the term “criteria” used in the context of a discussion with cryptographic processes such as encryption and decryption will be understood to refer to families of cryptographic algorithms, specific cryptographic algorithms, a key or keys used with a specific cryptographic algorithm, and so on. Cryptographic criteria refers to the information, such as encryption/decryption key(s) and/or algorithm, that is applied to un-encrypted (“clear”) data to produce encrypted data, and conversely to decrypt encrypted data to produce clear data.
The storage system 102 includes a physical storage component 104. It can be appreciated that the physical storage component 104 can be any appropriate storage architecture. Typical architectures include RAID (redundant array of inexpensive disks) and JBOD (just a bunch of disks). For discussion purposes, the storage component 104 is characterized in that data is physically stored in data units 109 referred to variously as “blocks of data”, “data blocks”, and “blocks”.
A processing unit 110 and a memory component 105 constitute a control component of the storage system to service I/O requests from the host device 101. It is understood that the processing unit 110 and the memory component 105 can be configured in any suitable arrangement. In a particular implementation, for example, the processing unit 110 and the memory 105 can be embodied in a controller device (shown in phantom lines, 122).
An internal bus 112 provides signal paths and data paths among the constituent components of the storage system 102. The internal bus 112 provides a connection between the interface 103 and the processor 110, for example. The internal bus 112 can provide an interface to the physical storage component 104 for data exchange.
The storage system 102 can be provided with a network interface 111 for communication over a communication network 142. The network interface 111 allows networked devices to access the storage system 102. As will be explained below, the network interface 111 allows for the storage system 102 to access a network (e.g., Internet, LAN, etc.) to obtain information.
The memory component 105 typically contains program code that is executed by the processing unit 110 to perform the various functions of the storage system 102. This includes servicing I/O requests from host devices (e.g., host device 101) and communicating over a network via the network interface 111. Consider a read request, for example. The processing to service a read request typically involves accessing one or more block locations on the physical storage component 104 to read out data (read data) from the accessed block location(s). The read data is then communicated to the requesting device. Similarly, a write request is typically serviced by writing one or more blocks associated with the write request to block locations on the physical storage device 104.
The memory component 105 further includes program code collectively referred to as a cryptographic component 124. In accordance with the embodiment of the invention shown in
The cryptographic criteria 106, 107 can be provided to the storage system 102 from an external source. For example, a source 132 can be accessed over the communication network 142 by the storage system 102 to obtain the cryptographic criteria. In this way, the criteria can be provided by an administrator.
For a given environment, it may be preferable to use a hardware engine as compared to a software-based encryption and decryption approach. For example, the processing component 110 can become obsolete for the purpose of cryptographic processing as technology advances. This places a ceiling on the ultimate strength of a software-based cryptographic component. If new cryptographic processing is provided with pluggable physical devices, the tie to the processing component 110 can be severed because the pluggable physical devices can use the latest hardware technology. In the discussions to follow, it will be understood that the cryptographic capability can be provided by hardware, software, and combinations of hardware and software. The different cryptographic criteria will be identified by the reference numerals 106, 107.
According to the embodiment of the present invention shown in
When a read request is made by a host device, one or more blocks of data are read from the physical storage device. The blocks of data, being in encrypted form, are decrypted by applying the first cryptographic criteria to the blocks of data to produce decrypted data blocks. The requested data can then be read out of the decrypted data blocks and communicated back to the host device.
In a first step 201, some setup processing may need to be performed. In the particular implementation described, it is assumed that the physical storage device 104 comprises plural blocks which are sequentially numbered beginning with one (e.g., block #1,
In addition, the criteria 106, 107 for encryption and decryption may require some initialization, depending on the implemented particulars. For example, up until the time for conversion, there is no need to provide the second cryptographic criteria 107. Therefore it is possible that the storages system 102 does not contain the second cryptographic criteria 107. Thus, an initializing step might entail obtaining the criteria that will be identified as the second cryptographic criteria 107. This can be accomplished by an administrator (
In a step 202, the block location on the physical storage device 104 for the block of data that is identified by the “processed position” datum 108 is accessed. The data block is read from the physical storage device 104 at that block location. As discussed above, the data is initially encrypted according to the first criteria 106. Therefore, the data block is decrypted using the first criteria 106 to produce an un-encrypted data block, in a step 203. The second cryptographic criteria 107 are then applied, in a step 204, to the un-encrypted data block to produce a converted data block, which is now encrypted according to the second cryptographic criteria 107. The converted data block is then written back (step 205) to the block location on the physical storage device 104 from which it was initially read in step 202.
Step 202 highlights an aspect of the present invention. As will be discussed, the embodiment of the present invention shown in
Upon completion of the conversion process, each block of data on the physical storage device 104 is encrypted according to the second cryptographic criteria 107. A replacement mechanism, whether hardware, software, or mechanical, can be provided in the storage system 102 to replace cryptographic criteria 106 with the criteria that constitute cryptographic criteria 107. For example, assume the following initial conditions wherein the first criteria 106 comprise the DES (Data Encryption Standard) using a 56-bit length key, and the second criteria 107 comprise the AES (Advanced Encryption Standard) with a 256-bit length key. Upon completion of the conversion process, the replacement mechanism will replace the first criteria 106 with the AES (Advanced Encryption Standard) with the 256-bit length key from the second criteria 107. New criteria that will be identified as the second cryptographic criteria 107 can be made known at some time prior to performing the next conversion process.
If the second cryptographic criteria 107 is characterized by having stronger encryption than the first cryptographic criteria 106, then presumably more processing capability is needed to break data that is encrypted using the second cryptographic criteria than would be needed to break data that is encrypted using the first cryptographic criteria. Consequently, the conversion process of the present invention can be used to increase the encryption strength of encrypted data stored on the storage system 102 when the technology has advanced to a point where the first encryption criteria is no longer deemed to provide adequate security against unauthorized access. For example, when it is determined that contemporary data processing capability can easily break the AES encryption in the example above, then new criteria can be defined. A longer key might be used, or a stronger algorithm might be implemented. At such time, an administrator can provide the new criteria as second cryptographic criteria 107, and initiate another conversion process. In an embodiment of the present invention which employs some form of hardware encryption engine, the new criteria might be plug-in hardware.
Another aspect of the present invention is the servicing of I/O requests during the conversion process. Thus, although blocks of data on the physical storage device 104 are in transition from one encrypted form to the other encrypted form, I/O between the storage system and host devices and other data users is available. This aspect of the present invention will now be discussed in more detail.
If the conversion process is not in progress, then the accessed data blocks are decrypted using the first cryptographic criteria 106, as discussed above. If the conversion process is in progress, then in a step 303 a determination is made for each accessed data block whether that data block has been converted or not. In accordance with the implementation shown in
Since the blocks of data on the physical storage device 104 are sequentially numbered and the conversion process proceeds in increasing order from lowest block number, a block number that is smaller in value than the “processed position” datum 108 identifies a converted data block. Consequently, at a step 304, the second cryptographic criteria 107 are applied to such a block of data to produce a decrypted data block. Conversely, a block number that is greater than or equal to the “processed position” datum 108 identifies a data block that has not been converted. Consequently, at a step 305, the first cryptographic criteria 106 are applied to such a block of data to produce a decrypted block. Then, in a step 306, the data is read out from the decrypted data block and eventually communicated back to the host device 101 to service the read request.
In a step 401, the write request is received by the storage system 102. If the conversion process is not in progress, then the first cryptographic criteria 106 are applied to each block to be written to produce encrypted blocks. The encrypted blocks are then written to the block locations specified in the write request.
If the conversion process is in progress, then for each block of data to be written, a determination is made in a step 402 as to which encryption criteria to use. The target block location of the block to be written is compared with the “processed position” datum 108. If the block location is less than the datum 108, then the second criteria 107 are applied to the block to be written because the block location is in the set of data blocks that have already been converted. If the block number is greater than or equal to the datum 108, then the first criteria 106 are applied to the block to be written because the block location is in the set of data blocks that have not yet been converted. The properly encrypted data block is then written to the physical storage device 104.
As can be seen from the foregoing, the simple mechanism of the “processed position” datum 108 identifies the set of data blocks that have been converted (“converted set”) and the set of data blocks that have not been converted (“unconverted set”). By determining to which set a particular accessed data block (for reading or writing) belongs, the appropriate criteria can be applied to encrypt or decrypt the data block. Those of ordinary skill will therefore realize that other techniques for tracking converted and non-converted data blocks might be more appropriate for a given physical storage scheme.
As mentioned above, conversion of encrypted data on a storage system 102 is provided to convert the stored encrypted data to be encrypted according to a new set of cryptographic criteria. In this way, stronger data encryption can be periodically applied to the data on a storage system to match improvements in data processing technology and thus maintain the data's resiliency to breaking of the encryption. In addition, the conversion is performed in an online fashion which allows the conversion to proceed on a live system. Users can thus access the encrypted storage system during the conversion process in transparent fashion. Data read from the storage system will be properly decrypted. Data written to the storage system will be properly encrypted. Processing in the storage system in accordance with the invention will ensure that the conversion goes to completion, while permitting the servicing of I/O requests.
From the foregoing, it can be appreciated that various alternative embodiments are possible. For example,
The storage appliance 514 includes an interface 503 for a data connection with the host device 101. An interface 504 provides a suitable data connection to a storage system 502. Hardware in the storage appliance 514 includes a processing component 515 and a memory component 505. Program code stored in the memory 505 is executed by the processing component 515 to service I/O requests received from the host device 101 by accessing the storage system 502. The program code includes a cryptographic component 524 which comprises first cryptographic criteria 506 and second cryptographic criteria 507. It can be appreciated that the cryptographic component 524 can be built around an encryption engine, such as shown in
Operation of the storage appliance 514 proceeds according to the processing described in
According to another aspect of the present invention, the data on the storage system 102 can initially be stored in un-encrypted form. This is useful for upgrading legacy systems in which the data is not encrypted, to employ the cryptographic storage technique of the present invention. Actually, this aspect of the present invention is a special case where the first cryptographic criteria 106 is initially NULL, meaning that there are no criteria. It can be appreciated that the conversion process of
The storage appliance embodiment of
As time passes, and the technology improves, it may be decided that new cryptographic criteria is called for to defeat the improved technology. The administrator can access the storage appliance and install new cryptographic criteria and initiate a conversion according to
When the host device 101 requires data access (read or write) with the storage system 602, file level-requests are issued. The requests can be converted to block-level I/O operations by the storage system 602 so that the physical storage device 104 can then be accessed to service the file-level requests. Since, the file system component of the storage system 602 performs the block-level I/O to service the file-level requests, it can be appreciated that the storage system can perform the conversion process and I/O request servicing according to
In the embodiment of
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US4993069||Nov 29, 1989||Feb 12, 1991||International Business Machines Corporation||Secure key management using control vector translation|
|US5208813||Oct 23, 1990||May 4, 1993||Array Technology Corporation||On-line reconstruction of a failed redundant array system|
|US5235641||Mar 12, 1991||Aug 10, 1993||Hitachi, Ltd.||File encryption method and file cryptographic system|
|US5548648||Jul 15, 1994||Aug 20, 1996||International Business Machines Corporation||Encryption method and system|
|US5677952||Dec 6, 1994||Oct 14, 1997||International Business Machines Corporation||Method to protect information on a computer storage device|
|US5742686||Jun 14, 1996||Apr 21, 1998||Finley; Phillip Scott||Device and method for dynamic encryption|
|US5805483||Dec 29, 1995||Sep 8, 1998||Samsung Electronics Co., Ltd.||Method of converting data outputting sequence in inverse DCT and circuit thereof|
|US5940507||Jan 28, 1998||Aug 17, 1999||Connected Corporation||Secure file archive through encryption key management|
|US5987572||Sep 29, 1997||Nov 16, 1999||Intel Corporation||Method and apparatus employing a dynamic encryption interface between a processor and a memory|
|US6240501 *||Sep 4, 1998||May 29, 2001||Sun Microsystems, Inc.||Cache-less address translation|
|US6359621||Feb 5, 1998||Mar 19, 2002||Fujitsu Limited||Data converting device for encoding and editing time series data and method thereof|
|US6570989||Apr 21, 1999||May 27, 2003||Matsushita Electric Industrial Co., Ltd.||Cryptographic processing apparatus, cryptographic processing method, and storage medium storing cryptographic processing program for realizing high-speed cryptographic processing without impairing security|
|US6598161||Aug 9, 1999||Jul 22, 2003||International Business Machines Corporation||Methods, systems and computer program products for multi-level encryption|
|US7162598 *||Nov 26, 2003||Jan 9, 2007||Hitachi, Ltd.||Storage system|
|US7231050||Jan 5, 2001||Jun 12, 2007||Harris Scott C||Protection against unintentional file changing|
|US7349970 *||Mar 29, 2001||Mar 25, 2008||International Business Machines Corporation||Workload management of stateful program entities|
|US20010023484||Mar 12, 2001||Sep 20, 2001||Gen Ichimura||Transmission apparatus, reception apparatus, transmission method, reception method and recording medium|
|US20020019935||May 29, 2001||Feb 14, 2002||Brian Andrew||Encrypting file system and method|
|US20030043905||Aug 29, 2002||Mar 6, 2003||Tadayoshi Nakayama||Image processing method and apparatus, computer program, and storage medium|
|US20030079096||Sep 4, 2002||Apr 24, 2003||Kabushiki Kaisha Toshiba||Apparatus and method for controlling a card device|
|US20030092438 *||Nov 14, 2001||May 15, 2003||Moore Brian J.||Method and apparatus for stabilizing calls during a system upgrade or downgrade|
|US20030126451||Sep 27, 2002||Jul 3, 2003||Gorobets Sergey Anatolievich||Data processing|
|US20030188178||Mar 27, 2002||Oct 2, 2003||Strongin Geoffrey S.||System and method providing region-granular, hardware-controlled memory encryption|
|US20040105501||Nov 20, 2003||Jun 3, 2004||Canon Kabushiki Kaisha||Encoded-data converting apparatus and method for the same|
|US20040125077||Sep 12, 2003||Jul 1, 2004||Ashton Jason A.||Remote control for secure transactions|
|US20040128258||Nov 12, 2003||Jul 1, 2004||Min-Chieh Su||Card certification and authorization system and method thereof|
|US20040177257||Mar 3, 2004||Sep 9, 2004||Matsushita Electric Industrial Co., Ltd.||Data processing device and data processing method|
|US20040250097||Apr 15, 2003||Dec 9, 2004||Francis Cheung||Method and system for data encryption and decryption|
|US20050021986||Jun 25, 2003||Jan 27, 2005||Graunke Gary L.||Apparatus and method for memory encryption with reduced decryption latency|
|US20050102498 *||Nov 7, 2003||May 12, 2005||Hristo Bojinov||Data storage and/or retrieval|
|US20050147240||Jan 5, 2004||Jul 7, 2005||Rakesh Agrawal||System and method for order-preserving encryption for numeric data|
|US20050168443 *||Nov 29, 2004||Aug 4, 2005||Ausbeck Paul J.Jr.||Method and apparatus for producing one-dimensional signals with a two-dimensional pointing device|
|US20050240745 *||Dec 17, 2004||Oct 27, 2005||Sundar Iyer||High speed memory control and I/O processor system|
|WO2002093314A2||May 14, 2002||Nov 21, 2002||Decru, Inc.||Encryption based security system for network storage|
|1||"Advanced Encryption Standard" Federal Information Processing Standards (FIPS) Publication 197 (2001).|
|2||"Data Encryption Standard (DES)" Federal Information Processing Standards (FIPS) Publication 46-2 (1993).|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US8761396 *||Jan 20, 2012||Jun 24, 2014||Blackberry Limited||System and method for securing data for redirecting and transporting over a wireless network|
|US20120191978 *||Jan 20, 2012||Jul 26, 2012||Little Herbert A||System and method for securing data for redirecting and transporting over a wireless network|
|U.S. Classification||713/190, 726/2|
|International Classification||G06F12/14, G06F21/24, G06F12/00, H04L9/14, H04L9/00|
|Cooperative Classification||G06F21/80, H04L9/088, H04L9/0894, H04L9/14|
|European Classification||H04L9/08M, H04L9/08V, H04L9/14|